Windows 10 KB4520062 Update May Break Microsoft Defender ATP


Level 22
Sep 5, 2017
Windows 10 KB4520062 Update May Break Microsoft Defender ATP

Microsoft says that Microsoft Defender Advanced Threat Protection (ATP) might stop running on Windows 10, version 1809 devices after installing the KB4520062 Cumulative Update.
The non-security KB4520062 optional update was released on October 15 and it is designed to fix an issue leading to black screens being displayed at startup during the first sign in after installing an update.
KB4520062 also addresses an issue affecting Bluetooth when using certain audio profiles for extended periods and one known to cause high power consumption for devices in Connected Standby mode.
Client and server platforms affected, no workaround available
Unfortunately, as Microsoft acknowledged today on the Windows 10 Health Dashboard, KB4520062 might also cause the built-in Microsoft Defender ATP anti-malware service to stop running and fail to send report data.
Some Windows 10 customers "might also receive a 0xc0000409 error in Event Viewer on MsSense.exe" according to the known issued published today by Microsoft.
Redmond says that both client and server versions were the October 2018 Update was installed are affected, the list including the Windows 10 version 1809, Windows 10 Enterprise LTSC 2019, Windows Server version 1809, and Windows Server 2019 platforms.
Currently, there is no workaround available for fixing the Microsoft Defender ATP and the company recommends users of platforms affected by this issue to not install the problematic CU.
Also, according to Redmond, a solution for this known issue should be available next month, to be pushed out as part of a future update.
"At this time, we suggest that devices in an affected environment do not install KB4520062. We are working on a resolution and estimate a solution will be available in mid-November," says Microsoft.
Uninstalling the KB4520062 update
Since an official workaround is not yet available for those who have already installed the KB4520062 cumulative update and no security mitigations were pushed with it, uninstalling it should fix the Microsoft Defender ATP issues it causes and not increase their devices' attack surface.
Microsoft says in the update's details from the Update Catalog that KB4520062 can be removed "by selecting View installed updates in the Programs and Features Control Panel."
Uninstalling the KB4520062 update
Uninstalling the KB4520062 update
The step by step procedure needed to uninstall this update requires you to open Control Panel, go to Programs > Programs and Features, and click on View installed updates in the left sidebar.
Next, right-click on the KB4520062 entry in the list and confirm when asked if "Are you sure you want to uninstall this update?". Next, you'll have to click 'Yes' when asked and then restart your device.